1. Home
  2. Software
  3. netstat

netstat

netstat is an operating system utility that displays active TCP connections, listening ports, and network statistics. [1]

ID: S0104
Type: TOOL
Version: 1.0
Created: 31 May 2017
Last Modified: 17 October 2018
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1049 System Network Connections Discovery

netstat can be used to enumerate local network connections, including active TCP connections and other network statistics.[1]

Groups That Use This Software

ID Name References
G0027 Threat Group-3390

[2]
G0049 OilRig

[3][4]
G0010 Turla

[5]
G0004 Ke3chang

[6][7]
G0096 APT41

[8]
G0116 Operation Wocao

[9]
G0018 admin@338

[10]
G0071 Orangeworm

[11]

References

  1. Microsoft. (n.d.). Netstat. Retrieved April 17, 2016.
  2. Lunghi, D. et al. (2020, February). Uncovering DRBControl. Retrieved November 12, 2021.
  3. Falcone, R. and Lee, B.. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.
  4. Sardiwal, M, et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. Retrieved December 20, 2017.
  5. Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.
  6. Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.
  1. Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.
  2. Fraser, N., et al. (2019, August 7). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.
  3. Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.
  4. FireEye Threat Intelligence. (2015, December 1). China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets. Retrieved December 4, 2015.
  5. Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.